CVE-2026-10250
Received Received - Intake
SQL Injection in Online Blood Bank Management System

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: VulDB

Description
A security flaw has been discovered in itsourcecode Online Blood Bank Management System 1.0. The affected element is an unknown function of the file /admin/campsdetails.php. Performing a manipulation of the argument hospital results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-01
AI Q&A
2026-06-01
EPSS Evaluated
N/A
NVD
CVE-2026-10250
EUVD
EUVD-2026-33625
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
itsourcecode online_blood_bank_management_system 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The SQL injection vulnerability in the Online Blood Bank Management System 1.0 allows unauthorized database access, data tampering, and sensitive information leakage. Such unauthorized access and potential exposure of sensitive data can lead to non-compliance with data protection regulations like GDPR and HIPAA, which mandate strict controls over personal and health-related information.

Exploitation of this vulnerability could result in breaches of confidentiality, integrity, and availability of sensitive data, which are core requirements under these standards. Therefore, organizations using this system without proper mitigation may face legal and regulatory consequences.


Can you explain this vulnerability to me?

This vulnerability is a critical SQL injection flaw found in the Online Blood Bank Management System version 1.0, specifically in the /admin/campsdetails.php file. It arises from improper input validation of the 'hospital' parameter, which allows attackers to inject malicious SQL queries remotely without needing authentication.

Exploitation of this flaw can lead to unauthorized access to the database, enabling attackers to tamper with data, leak sensitive information, and potentially compromise the entire system.


How can this vulnerability impact me? :

The impact of this vulnerability includes unauthorized database access, data tampering, leakage of sensitive information, and potential full system compromise.

  • Attackers can disrupt services by exploiting the vulnerability.
  • Sensitive patient or hospital data stored in the system may be exposed.
  • The integrity and availability of the blood bank management system can be severely affected.

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This SQL injection vulnerability in the Online Blood Bank Management System V1.0 can be detected by testing the 'hospital' parameter in the /admin/campsdetails.php file for SQL injection flaws.

Detection techniques include using boolean-based blind, error-based, and time-based blind SQL injection methods.

  • Use SQL injection testing tools or manual commands to inject payloads into the 'hospital' parameter and observe the responses.
  • Example command using curl to test for SQL injection: curl "http://targetsite/admin/campsdetails.php?hospital=1' OR '1'='1"
  • Use sqlmap or similar automated tools targeting the 'hospital' parameter to detect injection points.

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include implementing prepared statements with parameter binding to prevent SQL injection.

Strict input validation should be enforced on the 'hospital' parameter to ensure only expected input is accepted.

  • Use prepared statements with parameter binding in the /admin/campsdetails.php file.
  • Implement strict input validation and sanitization for all user inputs.
  • Minimize database user permissions to limit the impact of a potential exploit.
  • Conduct regular security audits to identify and fix vulnerabilities.

Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart